VPN - How do they know?

A friend was asking about VPN's and I remembered that he was on NTL and that
when I was on their home service a couple of years back the T&C's prohibited
the use of VPN's, along with a "public FTP server" IIRC. I assume they
considered it a "business" service and that one should be paying for a business
connection.

However, what we were both wondering was - how they could tell? It can't just
be encrypted traffic because of SSH, HTTPS, VNC etc. Just curious.

--

Regards

Dave Saville

NB Remove -nospam for good email address

"Dave Saville" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed). uk...
>A friend was asking about VPN's and I remembered that he was on NTL and
>that
> when I was on their home service a couple of years back the T&C's
> prohibited
> the use of VPN's, along with a "public FTP server" IIRC. I assume they
> considered it a "business" service and that one should be paying for a
> business
> connection.

Bit of a shame if you work at home for a day and VPN from your work
laptop...

>
> However, what we were both wondering was - how they could tell? It can't
> just
> be encrypted traffic because of SSH, HTTPS, VNC etc. Just curious.

They would have to look inside for the the protocol.

>
> --
>
> Regards
>
> Dave Saville

BTW the use of "gotcha'" T&C's with arbitrary restrictions is one of the
indicators that you are dealing with a supplier that has never had the
slightest intention of providing satisfactory (let alone good) customer
service.

In article <(E-Mail Removed)>,
"R. Mark Clayton" <(E-Mail Removed)> writes:
>
> "Dave Saville" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed). uk...
>>A friend was asking about VPN's and I remembered that he was on NTL and
>>that
>> when I was on their home service a couple of years back the T&C's
>> prohibited
>> the use of VPN's, along with a "public FTP server" IIRC. I assume they
>> considered it a "business" service and that one should be paying for a
>> business
>> connection.
....
>> However, what we were both wondering was - how they could tell? It can't
>> just
>> be encrypted traffic because of SSH, HTTPS, VNC etc. Just curious.
>
> BTW the use of "gotcha'" T&C's with arbitrary restrictions is one of the
> indicators that you are dealing with a supplier that has never had the
> slightest intention of providing satisfactory (let alone good) customer
> service.

It's also an indication that their legal department is one which no
doubt takes pride in inventing enough contradictory contradictions that
it would be impossible for any customer to adhere to all of them. That
way they can pick on any customer they find to be a nuisance, and get
rid of them for violation of the T&Cs, because all customers will be
in violation of the T&Cs.

The plus side is that such companies don't bother actually policing
the conditions they set. Because, obviously, they would then have zero
customers. If the customer's use of the network is not perceived as
being a problem, the customer won't be disturbed. The downside is that
if they do perceive the customer's use to be a problem for any reason,
real or imaginary, the customer is hit.

I've had a VPN over my NTL connection in place continuously for the last
3 years without any problem. I can quickly move to an alterative
connection if NTL take issue with it.

--
Tim Clark

"Tim Clark" <(E-Mail Removed)> wrote in message
news:aknap3-(E-Mail Removed)...
> In article <(E-Mail Removed)>,
> "R. Mark Clayton" <(E-Mail Removed)> writes:
> >
> > "Dave Saville" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed). uk...
> >>A friend was asking about VPN's and I remembered that he was on NTL and
> >>that
> >> when I was on their home service a couple of years back the T&C's
> >> prohibited
> >> the use of VPN's, along with a "public FTP server" IIRC. I assume they
> >> considered it a "business" service and that one should be paying for a
> >> business
> >> connection.

We have a number of home workers who are on NTL and have no problems with
VPN ..

> ...
> >> However, what we were both wondering was - how they could tell? It
can't
> >> just
> >> be encrypted traffic because of SSH, HTTPS, VNC etc. Just curious.
> >

They can block the standard VPN ports, as most places do for port 25 and
SMTP...

> > BTW the use of "gotcha'" T&C's with arbitrary restrictions is one of the
> > indicators that you are dealing with a supplier that has never had the
> > slightest intention of providing satisfactory (let alone good) customer
> > service.
>
> It's also an indication that their legal department is one which no
> doubt takes pride in inventing enough contradictory contradictions that
> it would be impossible for any customer to adhere to all of them. That
> way they can pick on any customer they find to be a nuisance, and get
> rid of them for violation of the T&Cs, because all customers will be
> in violation of the T&Cs.
>
> The plus side is that such companies don't bother actually policing
> the conditions they set. Because, obviously, they would then have zero
> customers. If the customer's use of the network is not perceived as
> being a problem, the customer won't be disturbed. The downside is that
> if they do perceive the customer's use to be a problem for any reason,
> real or imaginary, the customer is hit.
>
> I've had a VPN over my NTL connection in place continuously for the last
> 3 years without any problem. I can quickly move to an alterative
> connection if NTL take issue with it.
>

Just don't try updating to the NTL Business service. That appears to block
the normal VPN ports and we have had to move our home workers back to the
"non-business" service.....

> --
> Tim Clark

Dave.

On Sat, 22 Jul 2006 23:07:09 GMT, in uk.telecom.broadband , "Tim
Clark" <(E-Mail Removed)> wrote:

>In article <(E-Mail Removed)>,
> "R. Mark Clayton" <(E-Mail Removed)> writes:
>>
>> "Dave Saville" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed). uk...
>>>A friend was asking about VPN's and I remembered that he was on NTL and
>>>that
>>> when I was on their home service a couple of years back the T&C's
>>> prohibited
>>> the use of VPN's, along with a "public FTP server" IIRC. I assume they
>>> considered it a "business" service and that one should be paying for a
>>> business
>>> connection.
>...
>>> However, what we were both wondering was - how they could tell?

Euh, by port number.

>I've had a VPN over my NTL connection in place continuously for the last
>3 years without any problem.

Same here. I suspect the T&C item, if it still exists, refers to
running a VPN server in-house.
--
Mark McIntyre

On Sun, 23 Jul 2006 15:25:00 +0100, Mark McIntyre
<(E-Mail Removed)> wrote:

> On Sat, 22 Jul 2006 23:07:09 GMT, in uk.telecom.broadband , "Tim
> Clark" <(E-Mail Removed)> wrote:
>
>>>> However, what we were both wondering was - how they could tell?
>
> Euh, by port number.

Yeah right - so what difference is there in port number between an
https connection using TCP port 443 and OpenVPN using TCP port 443?

In article <44c3ce1e$0$28753$(E-Mail Removed)>,
(E-Mail Removed)lid says...
>
> Yeah right - so what difference is there in port number between an
> https connection using TCP port 443 and OpenVPN using TCP port 443?
>
OpenVPN doesn't use TCP ;-) TCP for VPN isn't very efficient, either.

On Sun, 23 Jul 2006 22:30:00 +0100, Chris
<(E-Mail Removed)> wrote:

> OpenVPN doesn't use TCP ;-) TCP for VPN isn't very efficient, either.

Funny that - because I connect from work to home most days tunnelling
an OpenVPN connection through the corporate web proxy using TCP.

Fact - OpenVPN can use either TCP or UDP. TCP is not as 'efficient'
as UDP - but then if you need to get through firewalls, proxies, etc
sometime you just have to accept the inefficiencies.

In article <aknap3-(E-Mail Removed)>,
Tim Clark <(E-Mail Removed)> wrote:
>I've had a VPN over my NTL connection in place continuously for the last
>3 years without any problem.

I've been using various VPNs over my NTL connection for about 5 years now.

A few years back NTL published some new T&Cs. These prohibited VPN use.
There was a huge reaction from the customer base, and the prohibition
swiftly removed. (Actually, at this distance, I can't remember if the
T&Cs were ever actually activated. In this case, some gormless clown at
NTL had obviously written the new terms in ignorance of what people
actually use this new-fangled Innernet thing for.) This is probably the
origin of the 'NTL bans VPNs' meme.

If you go and check the current NTL T&Cs at
http://www.home.ntl.com/page/userpolicy, you will find the following:

18. Use of Virtual Private Network (VPN)

You may use VPN but you acknowledge that your Services may be adversely
affected by such use. If you use VPN and this affects our network
performance or any users of ntl's Services, we reserve the right to
instruct you to stop using VPN and you must comply with this request.

Entirely reasonable as far as I can see. As far as running a VPN server
goes, I can see nothing prohibiting it, though it would be subject
to Section 17 on servers, notably

(iii)
Remote Access: all remote access ( FTP; SSH ; PC Anywhere etc) must
be password protected and the address must not be publicly advertised.

and (vi)
Other: you may run other servers but be aware that we reserve the right
to restrict access to them should they cause network problems or should
we receive complaints from other customers.
--
Jim Hague - (E-Mail Removed) Never trust a computer you can't lift.

On Sun, 23 Jul 2006 20:17:20 +0100, in uk.telecom.broadband , Killa
<(E-Mail Removed)> wrote:

>On Sun, 23 Jul 2006 15:25:00 +0100, Mark McIntyre
><(E-Mail Removed)> wrote:
>
>> On Sat, 22 Jul 2006 23:07:09 GMT, in uk.telecom.broadband , "Tim
>> Clark" <(E-Mail Removed)> wrote:
>>
>>>>> However, what we were both wondering was - how they could tell?
>>
>> Euh, by port number.
>
>Yeah right - so what difference is there in port number between an
>https connection using TCP port 443 and OpenVPN using TCP port 443?

No idea, tho a SPI firewall could probably tell. The point is, most
company VPNs tend to run on specific ports and 443 isn't it. Obviously
though, if you choose to hijack ports, then you create interesting
problems.
--
Mark McIntyre